Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
validator vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2021-3765
validator.js is vulnerable to Inefficient Regular Expression Complexity
Validator Project Validator
7.5
CVSSv3
CVE-2021-40901
A Regular Expression Denial of Service (ReDOS) vulnerability exists in scniro-validator v1.0.1 when validating crafted invalid emails.
Scniro-validator Project Scniro-validator 1.0.1
9.8
CVSSv3
CVE-2020-17479
jpv (aka Json Pattern Validator) prior to 2.2.2 does not properly validate input, as demonstrated by a corrupted array.
Json Pattern Validator Project Json Pattern Validator
7.5
CVSSv3
CVE-2022-47925
The validate JSON endpoint of the Secvisogram csaf-validator-service in versions < 0.1.0 processes tests with unexpected names. This insufficient input validation of requests by an unauthenticated remote user might lead to a partial DoS of the service. Only the request of the ...
Csaf-validator-lib Project Csaf-validator-lib
6.5
CVSSv3
CVE-2022-47924
An high privileged attacker may pass crafted arguments to the validate function of csaf-validator-lib of a locally installed Secvisogram in versions < 0.1.0 wich can result in arbitrary code execution and DoS once the users triggers the validation.
Csaf-validator-lib Project Csaf-validator-lib
5.3
CVSSv3
CVE-2019-19507
In jpv (aka Json Pattern Validator) prior to 2.1.1, compareCommon() can be bypassed because certain internal attributes can be overwritten via a conflicting name, as demonstrated by 'constructor': {'name':'Array'}. This affects validate(). Hence, a c...
Json Pattern Validator Project Json Pattern Validator
9.8
CVSSv3
CVE-2019-18413
In TypeStack class-validator 0.10.2, validate() input validation can be bypassed because certain internal attributes can be overwritten via a conflicting name. Even though there is an optional forbidUnknownValues parameter that can be used to reduce the risk of this bypass, this ...
Typestack Class-validator Project Typestack Class-validator 0.10.2
4 Github repositories
7.5
CVSSv3
CVE-2021-43114
FORT Validator versions before 1.5.2 will crash if an RPKI CA publishes an X.509 EE certificate. This will lead to RTR clients such as BGP routers to lose access to the RPKI VRP data set, effectively disabling Route Origin Validation.
Fort Validator Project Fort Validator
Debian Debian Linux 11.0
5.4
CVSSv3
CVE-2020-4070
In CSS Validator less than or equal to commit 54d68a1, there is a cross-site scripting vulnerability in handling URIs. A user would have to click on a specifically crafted validator link to trigger it. This has been patched in commit e5c09a9.
W3c Css Validator
9.1
CVSSv3
CVE-2020-16163
An issue exists in RIPE NCC RPKI Validator 3.x prior to 3.1-2020.07.06.14.28. RRDP fetches proceed even with a lack of validation of a TLS HTTPS endpoint. This allows remote malicious users to bypass intended access restrictions, or to trigger denial of service to traffic directe...
Ripe Rpki Validator 3
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
5
NEXT »